GAO recommends empowering federal CIOs

Nearly 50 percent of federal CIOs have another official agency job function in addition to being chief information officer. That's just one of the professional distractions they face and, although the law calls for it, many CIOs are not responsible for all the privacy and security tasks that perhaps they should be.

That’s according to the Government Accountability Office (GAO), which wrote, ina report to the Office of Management and Budget (OMB), that “federal law provides CIOs with adequate authority to manage IT for their agencies; however, some limitations exist that impede their ability to exercise this authority.”

For starters, there's the reality of CIOs also serving in other roles. The GAO found, in fact, that 14 of 30 surveyed CIOs held another job title – including ones as demanding as chief acquisition officer or chief human capital officer. One CIO even had five titles.

“We and members of Congress have previously questioned whether split duties allow a CIO to deal effectively with an agency’s IT challenges,” according to the GAO. “Holding other positions is contrary to the federal law requiring that IT and information management be the CIOs primary function and distracts from the responsibility to ensure that agencies carry out their IT and information management in an efficient, effective, and economical manner.”

It’s the information management side that suffers most. CIOs typically are responsible for seven key IT management areas – those being enterprise architecture, information security, IT strategic planning, e-government initiatives, IT workforce planning, as well as systems acquisitions, development and integration.

“By contrast, CIOs are less frequently responsible for information management duties such as records management and privacy requirements, which they commonly share with other offices or organizations within the agency,” GAO explained. “In this regard, CIOs report spending more than two-thirds of their time on IT management responsibilities, and less than one-third of their time on information management responsibilities.”

“Even those CIOs who indicated they had been assigned responsibility for these six information management areas reported they assigned a higher priority to their IT management responsibilities,” GAO found.

All of these factors contribute to an average two-year tenure for federal CIOs, GAO noted.

“To ensure that CIOs are better able to carry out their statutory role as key leaders in managing IT,” GAO recommended that the Director of Office of Management and Budget (OMB) do the following:

Issue guidance to agencies requiring that CIOs’ authorities and responsibilities, as defined by law and by OMB, are fully implemented, taking into account the issues raised in this report.

Establish deadlines and metrics that require agencies to demonstrate the extent to which their CIOs are exercising the authorities and responsibilities provided by law and OMB’s guidance.

Require agencies to identify and document internal lessons learned and best practices for managing IT.

“Notwithstanding the focus on IT management, CIOs have not always been empowered to be successful,” GAO wrote, adding that common limitations include: control and influence over IT budgets, commodity IT investments, staffing decisions, and not reporting directly to the agency head.

“While OMB’s guidance reaffirms CIO authorities and responsibilities to influence IT outcomes, it does not establish measures of accountability,” GAO continued in its report. “Having actionable measures would help ensure that CIOs are empowered to successfully carry out their responsibilities under the law and enable them to successfully carry out their responsibilities under the IT Reform Plan.”